Jusletter IT

A Genealogy and Classification of Rights Expression Languages – Preliminary Results

  • Authors: Tassilo Pellegrini / Andrea Schönhofer / Sabrina Kirrane / Simon Steyskal / Anna Fensel / Oleksandra Panasiuk / Victor Mireles-Chavez / Thomas Thurner / Markus Dörfler / Axel Polleres
  • Category: Articles
  • Region: Austria
  • Field of law: Advanced Legal Informatics Systems and Applications
  • Collection: Conference proceedings IRIS 2018
  • Citation: Tassilo Pellegrini / Andrea Schönhofer / Sabrina Kirrane / Simon Steyskal / Anna Fensel / Oleksandra Panasiuk / Victor Mireles-Chavez / Thomas Thurner / Markus Dörfler / Axel Polleres, A Genealogy and Classification of Rights Expression Languages – Preliminary Results, in: Jusletter IT 22 February 2018
Rights Expression Languages (RELs) are a central component of contemporary digital rights management systems. They are applied to express permissions, obligations and prohibitions in a machine-processable form. Since the early 1990s we can observe a massive increase in RELs for purposes such as access control, license management or contracting. This paper presents a genealogy of RELs since 1989, proposes a classification that helps better understand their functional focus and application area and gives an outlook on research perspectives.

Table of contents

  • 1. Problem Statement
  • 2. Methodology
  • 3. Results
  • 3.1. A brief history of RELs
  • 3.2. Application areas of RELs
  • 3.3. A genealogy of RELs
  • 4. Future Work
  • 5. Acknowledgements
  • 6. Literature
  • 7. Appendix 1: RELs Overview


Problem Statement ^


A central requirement of any Digital Rights Management (DRM) system is a machine-readable knowledge representation language known as Rights Expression Language (REL) (Jamkhedkar/Heileman, 2004). RELs are used to explicate machine-readable rights for purposes such as access control, trust management and contracting (Garcia et al. 2004/2007/2009). RELs are used to govern behavioural aspects and explicate usage rights that occur during digitally mediated interactions between two or more parties (Pellegrini 2014). RELs should be understood as a grounding component of legal technologies as their primary purpose is to express, govern and sanction legally binding behaviour within technologically mediated environments.


Among the most prominent RELs are MPEG-21, ODRL-2.0 (and derivatives such as OMA DRM or RightsML), ccREL and XACML to name but a few (Ermilov/Pellegini 2015). Most RELs have been developed according to the needs of specific sectors. I.e. MPEG-21, OeBFRel, XMCL, PRISM and TV-Anytime RMPI are optimized for rights management purposes in the area of multimedia and media asset management (Rodriguez-Doncel/Delgado 2009). RELs such as WSLA, WS-Agreement, SLAng, WSPL or WS-Policy support access control, trust management and contracting for web services. And RELs such as ccREL (Creative Commons Rights Expression Language) or ODRL (Open Digital Rights Language) are designed for general purposes and have gained popularity especially in the area of content and data licensing (Rodriguez et al. 2015; Sande et al. 2012).


A recent literature analysis conducted by the authors in the preparation of this paper revealed that more than 60 RELs have been developed since the early 1990s, some being derivatives of older ones (i.e. MPEG-21 being the successor of XrML) and some being developed to serve completely new purposes (i.e. LDR to manage interlinked data sources). These developments illustrate that RELs are a vital area of research whose relevance might even increase with the growing degree of automation and algorithmic governance in areas such as e-commerce, e-procurement or IT-security to name but a few (Prenafeta 2010; Gangadharan/DAndrea 2011a; Villata/Gandon 2012).

The REL landscape is characterized by heterogeneity and a high degree of diversification. Hence it is important to develop a good understanding of various REL types and their functional scope. Hence this paper presents preliminary results from an extensive literature review aiming at developing a genealogy of RELs and proposing a classification that illustrates the intended application areas of each REL for digital rights management purposes.
The paper is structured as follows: Section 2 briefly outlines the methodology. Section 3 investigates the history of RELs, discusses their application areas and introduces a genealogy of RELs in the timespan from 1989 to 2015. Section 4 gives an outlook on research perspectives and future work.


Methodology ^

The findings presented in this paper have been derived from an extensive literature review conducted on published works between 1989 and 2015. The analysed corpus has been compiled from the databases IEEE, ACM and SpringerLink and complemented by an analysis of references given in peer-reviewed academic works. In total this resulted in a literature corpus of 301 scientific or technical papers, each having an explicit reference to RELs as their subject of research. The analysed RELs are either officially supported standards (i.e. by MPEG, OASIS or ISO), recommended norms (i.e. W3C recommendations) or community contributions (i.e. provided by research groups or individuals). A full list of analysed RELs can be found in Appendix 1.
During the first analytic phase each REL has been assigned a publication year thus allowing to draw a corresponding timeline. In a second phase we developed a REL genealogy illustrating the technical dependency of various RELs during their evolution. In a third phase we derived a classification of RELs by analysing the functional purpose in correspondence with their application area.


Results ^


A brief history of RELs ^


According to Jamkhedkar/Heileman (2008) the appearance of RELs was a reaction to the radical changes invoked by modern information technology and the Internet on the existing balance between intellectual property owners and consumers at the end of 1980s. The occurring disturbances invoked by massive and loss-free sharing of copyright protected assets led intellectual property owners to put pressure on technologists to develop effective DRM systems to prevent violation of copyright by consumers. The first REL was introduced by McCarty (1989) in the year 1989 and was called Language for Legal Discourse (LLD). It was based on a logical framework and its central idea was to «develop a deep conceptual model […] by selecting a small set of common categories such as, space, time, action, permissions, obligations, constraints, and so on, relevant to a particular legal domain, and then developing a knowledge representation language that reflects the structure of this set» (Jamkhedkar/Heileman 2008, p. 3).

By the mid 1990`s the development of RELs gained traction when Stefik and Casey (1994) filed a patent for DRM technology they developed at Xerox PARC. Their REL went beyond McCarty’s approach as it included the description of a «usage rights grammar» that was subsequently implemented in LISP and called the Digital Rights Property Language (DRPL) (ibid). Nowadays most existing and functional RELs conform to the axiomatic principles of rights modelling first laid down by LLD and DPRL (Prados et al. 2005) and have made serious advancements with respect to functionality, design and interoperability. Since 1989 more than 60 RELs have appeared throughout literature, and they have become an integral component of most IT-systems in the context of digital rights management applications and web services.


Application areas of RELs ^

RELs are applied to express policies. According to Sloman (1994) policies define a relationship between subjects and targets within a policy domain. For the domain of digital rights management Chong et al. (2006, p. 290f) distinguish between six policy types known as 1) revenue policies, 2) provision policies, 3) operational policies, 4) contract policies, 5) copyright policies and 6) security policies. General purpose RELs such as MPEG-21 or ODRL by definition support all of these policies but also come along with specific strengths and limitations according to their functional design. Special purpose RELs covering just one or closely related policy domains are extending the application scope of general purpose RELs but also raise the level of technological complexity and evoke interoperability issues (Prados et al. 2005).
We applied Chong et al.’s policy types to our literature analysis but due to reasons of simplicity came up with a threefold distinction of application areas in the DRM domain, namely 1) access & trust policies, 2) license policies and 3) contracting policies. These three application areas have proven to be analytically reasonable given that the high amount or RELs discovered during our literature review prevented us from an in-depth functional analysis of each REL according to Chong et al.’s classification.
Given that, the three application areas for RELs can be defined as follows:
Contract Policies: According to Guth (2004, p. 81), a digital contract is a legally binding agreement of two or more parties, on the exchange of rights to (digital) goods or services under certain terms and conditions. A contract can be used as evidence to prove acceptance of liabilities and RELs can be applied to preserve these liabilities in the face of possible contingencies for the contract’s duration (Rodriguez et al. 2015, p. 64). Hence RELs can be applied to represent contracts in machine-readable form thus enabling automated processing and execution of contracts i.e. with respect to individual usage patterns, payment and enforcement purposes.
License Policies: According to Guth (2004, p. 82), a license should be understood as a specific type of contract granting general usage rights to intellectual property, technical know-how or technical inventions. Consequently, a license is used to express generalized terms about the intended usage pattern of a certain asset and usually defines the notion of property associated with a specific asset (such as declaring the degree of permissiveness allowed in the reuse of a certain asset). RELs are applied to represent licenses in a machine-readable form i.e. for purposes of similarity detection, compatibility checks and compliance with given terms and condition.

Access & Trust Policies: The last category refers to actions like authentication, authorization and security preservation. Access policies define permissions, restrictions or prohibitions associated with an asset for making this asset available to a user in a specific role or other related feature of distinction (Kirrane et al. 2015).1 Additionally, access policies can be used to explicate service level agreements and define the conditions of service delivery with respect to quality of service, security and privacy issues. Complementary to that, trust policies express conditions for interactions between entities that don’t know each other and where a sufficient level of confidentiality and privacy should be preserved for a specific context or duration (Aradhana 2011). RELs applied to the explication of access and trust policies usually capture higher-level goals. Such policies provide the means for specifying and modulating the terms of an asset and align its capabilities and constraints with the requirements of its users (Gangadharan/DAndrea 2011b).

Each REL can be used to express policies for either one or several of these application areas at various degrees of granularity and specificity. Hence we can distinguish between general purpose RELs (such as ODRL, MPEG-21 being the most prominent ones) and special purpose RELs targeted at one or two specific application areas. Figure 1 illustrates the assignment of RELs to their policy domain(s).

Fig 1: Classification of RELs according to their application area

The findings reveal that most RELs have been developed for the purpose of access and trust management which is insofar plausible as access and trust policies usually lay the foundation on which contract and licensing policies are being executed and enforced. This is also replicated in the fact that 40 out of 61 RELs contain functional features related to access and trust management, especially when an intersection with contract policies is given. 28 out of 61 RELs support contract management and 24 out of 61 RELs are related to license management. Special purpose RELs are either specifically designed to serve these areas as stand-alone RELs or come along as specific functional extensions of general purpose RELs often as a result of a community initiative governed by an official standardization body or industry working group.


A genealogy of RELs ^

Figure 2 illustrates a genealogy of RELs between 1989 and 2015 based on the literature review underlying this study. The timeline indicates the point in time when the REL has either become an officially supported standard or recommendation or has been introduced to the scientific discourse for the first time. The dotted lines between the RELs indicate their technological interdependence and genealogy. The assigned colours indicate the functional spectrum of each REL according to the application areas described in section 3.2.
We discovered a total of 61 RELs in the given time period with a massive increase in REL development between 2000 and 2005. 44 out of 61 RELs have been introduced in this time period either as proof of concept or as part of official standardization initiatives carried out under the auspices of The Moving Picture Experts Group (i.e. MPEG-21), the W3C (i.e. ODRL), the Open Mobile Alliance (i.e. OMA DRM) or the International Press & Telecommunications Council (i.e. ACAP and RightsML).

Despite these prominent examples for official standardization initiatives, the majority of RELs (43 out of 61) – especially if designed for special purposes – is subject to community or research initiatives (i.e. LicenseScript, Ponder, KAoS, Protune, METSRights, L4LOD) or commercial endeavours (i.e. EPAL, WS-Policy, PRISM ML).

Another finding relates to the appearance of special purpose RELs over the course of time. In the early days of REL development, access and trust policies dominated the community and industry endeavours, followed by contract policies and finally by license policies. The relatively late appearance of license policies can be interpreted as a reaction to the growing popularity of open and commons-based licensing models applied to content and data over the previous years and the complexity with respect to copyright issues arising from the combination of open and closed licensing models.

Overall our findings suggest that only a handful of RELs are being constantly maintained and advanced according to the requirements of contemporary IT systems. In contrast the majority of identified RELs seems to run short of continuous support either because they have just been developed as a proof of concept or they have been superseded by other RELs.


Fig 2: Genealogy and Classification of RELs from 1989 to 2015


Future Work ^

This paper presented the first results from an extensive literature review on RELs. The results have been validated by the authors but are still subject to further investigation and elaboration. Nevertheless, the results already give a good insight into the development, state of the art and future direction of REL-related research.
In our future work – which goes beyond the scope of this paper – the authors will extend their classification scheme not just by looking at the application area and functional similarity but also by investigating the technological design and functional interdependence of RELs. Further on, we plan to compare RELs according to their design principle, data model, the expressivity of their vocabulary and their serialization. This will provide us with a deeper insight into the syntactic and semantic interoperability of existing RELs and their applicability within interconnected IT-systems.


Acknowledgements ^

Funded by the Austrian Federal Ministry of Transport, Innovation and Technology (BMVIT) under the program «ICT of the Future» in the DALICC project. Runtime: November 2016 – October 2018. More information https://iktderzukunft.at/en/ and https://www.dalicc.net.


Literature ^

Aradhana, Chana, I., 2011. Developing trust policies for cloud scenarios. IEEE, pp. 389–393. https://doi.org/10.1109/ICCCT.2011.6075147.

Ermilov, I./Pellegrini, T. (2015). Data licensing on the cloud: empirical insights and implications for linked data (S. 153–156). ACM Press.

Gangadharan, G.R./DAndrea, V. (2011a). Managing Copyrights and Moral Rights of Service-Based Software. IEEE Software, pp. 48–55. 0740-7459/11.

Gangadharan, G.R./DAndrea, V. (2011b). Service licensing: conceptualization, formalization, and expression. Service Oriented Computing and Applications 5, 37–59. https://doi.org/10.1007/s11761-011-0079-6.

García, R./Gil, R. (2009). Copyright Licenses Reasoning an OWL-DL Ontology. In Proceedings of the 2009 Conference on Law, Ontologies and the Semantic Web: Channelling the Legal Information Flood (p. 145–162). Amsterdam: IOS Press.

García, R./Gil, R./Delgado, J. (2007). A web ontologies framework for digital rights management. Artificial Intelligence and Law, 15(2), 137–154. http://doi.org/10.1007/s10506-007-9032-6.

García, R./Gil, R./Delgado, J. (2004). Intellectual Property Rights Management Using a Semantic Web Information System. In R. Meersman & Z. Tari (Hrsg.), On the Move to Meaningful Internet Systems 2004: CoopIS, DOA, and ODBASE (Bd. 3290, S. 689–704). Berlin, Heidelberg: Springer Berlin Heidelberg. Abgerufen von http://link.springer.com/10.1007/978-3-540-30468-5_44.

Guth S. (2004). Interoperability of Digital Rights Management Systems via the Exchange of XML-based Rights Expressions. Dissertation: University of Vienna.

Jamkhedkar, P.A./Heileman, G.L. (2008). A formal conceptual model for rights. ACM Press, p. 29. https://doi.org/10.1145/1456520.1456528.

Kirrane, Sabrina/Mileo, Alessandra/Decker, Stefan (2015). Access Control and the Resource Description Framework: A Survey. In: Semantic Web Journal. See also: http://www.semantic-web-journal.net/content/access-control-and-resource-description-framework-survey.

McCarty, L. T. (1989). A Language for Legal Discourse I. Basic Features. In ICAIL ’89: Proceedings of the 2nd international conference on Artificial intelligence and law, pages 180–189, New York, NY, USA.

Pellegrini, T. (2014). Linked Data Licensing – Datenlizenzierung unter netzökonomischen Bedingungen. In E. Schweighöfer et al. (Hrsg.), Transparenz. 17. Int. Rechtsinformatik Symposium IRIS 2014. Wien: OCG Verlag.

Prenafeta, J. (2010). Protecting Copyright Through Semantic Technology. Publishing Research Quarterly, 26(4), 249–254.

Prados, J./Rodriguez, E./Delgado, J. (2005). Interoperability between Different Rights Expression Languages and Protection Mechanisms. Presented at the First International Conference on Automated Production of Cross Media Content for Multi-Channel Distribution (AXMEDIS’05), IEEE, Florence, Italy, pp. 145–152. doi:10.1109/AXMEDIS.2005.28.

Rodriguez-Doncel, V./Delgado, J. (2009). A Media Value Chain Ontology for MPEG-21. IEEE Multimedia, 16(4), 44–51. http://doi.org/10.1109/MMUL.2009.78.

Rodriguez, E./Delgado, J./Boch, L./Rodriguez-Doncel, V. (2015). Media Contract Formalization Using a Standardized Contract Expression Language. IEEE MultiMedia, 22(2), 64–74. http://doi.org/10.1109/MMUL.2014.22.

Safavi-Naini R./Sheppard N. P./Uehara T. (2004). Import/Export in Digital Rights Management. In: DRM, Jiayias, A., CCS, Association for Computing Machinery (Eds.), 2004. Proceedings of the Fourth ACM Workshop on Digital Rights Management: Washington, DC, USA, October 257, 20043 ; co-located with CCS 2004. Association for Computing Machinery, New York, NY.

Sande, Miel Vander/Portier, Marc/Mannens, Erik/Van de Walle, Rik (2012). Challenges for open data Usage: Open Derivatives and Licensing. In: https://www.w3.org/2012/06/pmod/pmod2012_submission_4.pdf, accessed February 12, 2016.

Sloman M. (1994). Policy driven management for distributed systems. In: Journal of Network and Systems Management, 333(2).

Stefik, M. J./Casey, M. M. (1994).Rights Expression Languages of Digital Works. Xerox Corporation, U.S. Patent No. 5,629,980.

Villata, S./Gandon, F. (2012). Licenses compatibility and composition in the web of data. In: COLD – Workshop in conjunction with the 11th International Semantic Web Conference 2012. CEUR WS Proceedings, 905.

Weitzner, D.J./Hendler, J./Berners-Lee, T./Connolly, D. (2006). Creating a policy-aware web: Discretionary, rule-based access, in: Web and Information Security. IRM Press.


Appendix 1: RELs Overview ^

Year Abbreviation Full Name Maintained by
1989 LLD Language for Legal Discourse McCarty
1995 DPRL 1.0 Digital Property Rights Language v1.0 Xerox Park
1995 Ponder   Damianou, Dulay, Lupu & Sloman
1998 DPRL 2.0 Digital Property Rights Language v2.0 Xerox Park
1998 KeyNote   Blaze, Feigenbaum, Ioannidis & Keromytis
1999 PDL Policy Description Language Lobo, Bhatia & Naqvi
2000 XrML 1.0 eXtensible Right Markup Language v1.0 Content Guard (a Xerox Park Spin Off)
2000 DocLog   Tan & Thoen
2000 (D)TPL (Defined) Trust Policy Language IBM Research
2000 PSPL Portfolio and Service Protection Language Bonatti & Samarati
2000 PAPL Person Allocation Policy Language Bonatti & Samarati
2001 ODRL 1.0 Open Digital Rights Language v1.0 W3C
2001 XMCL eXtensible Media Commerce Language RealNetworks
2001 ECL Enterprise Contract Language Neal
2001 X-SEC   Bertino, Castano & Ferrari
2001 PRML Privacy Rights Markup Language Zero-Knowledge Systems & IBM
2001 EPML Enterprise Privacy Markup Language Zero-Knowledge Systems & IBM
2002 ODRL 1.1 Open Digital Rights Language v1.1 W3C
2002 OMA DRM 1.0 OMA DRM Rights Expression Language v1.0 Open Mobile Alliance
2002 XrML 2.0 eXtensible Right Markup Language v2.0 Content Guard (a Xerox Park Spin Off)
2002 ebXML CPP/A 2.0 ebXML Collaboration Protocol Profile and Agreement v2.0 OASIS
2002 REI 1.0 Rights Expression and Interpretation v1.0 Kagal, Paolucci, Srinivasan, Denker, Finin & Sycara
2002 P3P 1.0 Platform for Privacy Preferences v1.0 W3C
2002 APPEL A P3P Preference Exchange Language v1.0 W3C
2002 DPL Deontic Policy Language Milosevic & Dromey
2003 MPEG-21   The Moving Picture Experts Group
2003 OeBF REL Open eBook Forum REL Open eBook Forum
2003 WSOL Web Service Offering Language Tosic, Pagurek, Patel, Esfandiari & Ma
2003 WSLA Web Service Level Agreement Keller & Ludwig
2003 XACML 1.0 eXtensible Access Control Markup Language v1.0 OASIS
2003 SweetDeal   Grosof & Poon
EPAL   Enterprise Privacy Authorization Language IBM
2003 KAoS   Uszok, Bradshaw, Jeffers, Suri, Hayes, Breedy, Bunch, Johnson, Kulkarni & Lott
2004 METSRights Metadata Encoding and Transmission Standard Rights Library of Congress
2004 OMA DRM 2.0 OMA DRM Rights Expression Language v2.0 Open Mobile Alliance
2004 TV Anytime RMPI TV Anytime Rights Management and Protection Information European Broadcasting Union
2004 AVS-REL Advanced Audio Video Coding Standard Rights Expression Language Advanced Audio Video Coding Standard (AVS) Workgroup
2004 BCL Business Contract Language Governatori & Milosevic
2004 WSPL Web Services Policy Language Vedamuthu, Orchard, Hirsch, Hondo, Yendluri, Bubez & Yacinalp
2004 DPAL Declarative Privacy Authorization Language n.s.
2004 SLAng SLA notation generator Skene, Lamanna & Emmerich
2004 PeerTrust   Gavriloaie, Nejdl, Olmedilla, Seamons & Winslett
2004 ISO REL   Content Guard (a Xerox Park Spin Off)
2004 MPEG-21 IPMP MPEG-21 Intellectual Property Management and Protection The Moving Picture Experts Group
2004 PLUS Picture Licensing Universal System PLUS Coalition
2005 PRISM RL Publishing Requirements for Industry Standard Metadata Rights Language Idealliance
2005 ebXML CPP/A 2.1 ebXML Collaboration Protocol Profile and Agreement v2.1 OASIS
2005 Protune PRovisional TrUst NEgotiation framework De Coi, Olmedilla, Bonatti & Sauro
2005 REI 2.0 Rights Expression and Interpretation v2.0 Kagal, Paolucci, Srinivasan, Denker, Finin & Sycara
2005 P3P 1.1 Platform for Privacy Preferences v1.1 W3C
2006 XACML 2.0 eXtensible Access Control Markup Language v2.0 OASIS
2006 LicenseScript   Chong, Corin, Etalle, Hartel, Jonker & Law
2007 WS-Policy Web Services Policy Anderson
2007 ACAP 1.0 Automated Content Access Protocol v1.0 International Press Telecommunications Council
2007 WS-Agreement Web Services Agreement Specification Open Grid Forum
2007 OSL Obligation Specification Language Hilty, Pretschner, Basin, Schaefer & Walter
2008 ODRL-S Open Digital Rights Language for Services Gangadharan, D’Andrea, Iannella & Weiss
2008 ccREL Creative Commons Rights Expression Language Creative Commons Foundation / W3C
2009 ExRiVob Extended Rights Vocabulary Wang, Seki & Kameyama
2009 LucScript Logic-based Usage Control License Script Zhong, Lin & Guo
2009 ACAP 1.1 Automated Content Access Protocol v1.1 International Press Telecommunications Council
2010 PAPEL Provenance-Aware Policy definition and Execution Language Ringelstein & Staab
2012 ODRL 2.0 Open Digital Rights Language W3C
2013 L4LOD Licenses for Linked Open Data Governatori, Rotolo, Villata & Gandon
2013 RightsML Rights Markup Language International Press Telecommunication Council
2013 XACML 3.0 eXtensible Access Control Markup Language OASIS
2013 Legal Rule ML Legal Rule Markup Language OASIS
2013 ODRS Open Data Rights Statement Vocabulary Dodds
2014 LDR 2.0 Linked Data Rights v2.0 Rodriguez, Poveda-Villalón, Suarez & Gomez
2015 ODRL 2.1 Open Digital Rights Language v2.1 W3C
2015 MPEG-21 CEL MPEG-21 Contract Expression Language The Moving Picture Experts Group
2015 MPEG-21 MCO MPEG-21 Cmedia Contract Ontology The Moving Picture Experts Group
  1. 1 Kirrane et al. (2015) distinguish between six access control models: Mandatory Access Control (MAC), Discretionary Access Control (DAC), Role Based Access Control (RBAC), View Based Access Control (VBAC), Attribute Based Access Control (ABAC) and Context Based Access Control (CBAC).